Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2024-0252)

Qualys Security Advisory

Zoho has addressed CVE-2024-0252, a vulnerability in ManageEngine ADSelfService Plus. The vulnerability is rated critical with a CVSS score of 9.9. It may allow an authenticated attacker to execute code remotely on the server on which ADSelfService Plus is installed. The flaw lies in the product's load balancer component.

Zoho stated in the advisory that all ADSelfService Plus installations are vulnerable, regardless of load balancer configurations.

Zoho ManageEngine offers enterprise IT software for service management, operations management, Active Directory management, and security. Its products cover a wide range of IT management needs, including business security and high availability.

ADSelfService Plus from ManageEngine is a popular self-service password management and single sign-on solution for Active Directory and cloud applications.

Affected Versions

The vulnerability affects the Zoho ManageEngine ADSelfService Plus Builds 6401 and below.

Mitigation

To patch the vulnerability, customers must upgrade to Zoho ManageEngine ADSelfService Plus Build 6402.

Zoho has addressed the vulnerability by:

  1. Restricting the communication processes of the load balancer component.
  2. Restricting domain users from accessing the load balancer APIs.

Please refer to the Zoho ManageEngine ADSelfService Plus Security Advisory for more information.
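The affected range (builds 6401 and below) and the fixed build (6402) are the two facts needed to triage an inventory before or alongside a scan. The script below is an added example, not Qualys or Zoho code: it takes a host-to-version mapping such as one exported from a CMDB, extracts the four-digit build number from the version string, and sorts hosts into vulnerable, patched, and unknown (unparseable version). The hostnames and version strings are constructed sample data, and the version-string formats it accepts are assumptions.

```python
"""Triage an ADSelfService Plus inventory against CVE-2024-0252.

Added example, not Qualys or Zoho code. The only facts taken from the
advisory are the affected range (builds 6401 and below) and the first
fixed build (6402). Host names and version strings are constructed.
"""
import re
from typing import Optional

LAST_AFFECTED_BUILD = 6401   # "Builds 6401 and below" (Zoho advisory)
FIRST_FIXED_BUILD = 6402     # fixed build (Zoho advisory)

# ADSelfService Plus builds are four-digit integers (e.g. 6401). Accepting an
# optional "Build" prefix and surrounding version text is an assumption about
# how the build appears in inventory exports.
_PREFIXED_BUILD_RE = re.compile(r"\bbuild\s*(\d{4})\b", re.IGNORECASE)
_BARE_BUILD_RE = re.compile(r"\b(\d{4})\b")


def parse_build(version: str) -> Optional[int]:
    """Return the build number in a version string, or None if absent.

    Accepts '6401', 'Build 6401', and '6.4.0 Build 6401'. A number that
    follows the word 'Build' wins over any other four-digit number.
    """
    m = _PREFIXED_BUILD_RE.search(version) or _BARE_BUILD_RE.search(version)
    return int(m.group(1)) if m else None


def is_affected(build: int) -> bool:
    """True when the build falls in the advisory's affected range."""
    return build <= LAST_AFFECTED_BUILD


def triage(inventory: dict) -> dict:
    """Classify hosts as vulnerable, patched, or unknown (no parseable build).

    Hosts with an unparseable version are reported separately rather than
    silently treated as patched, so nothing drops out of the follow-up list.
    """
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        build = parse_build(version or "")
        if build is None:
            result["unknown"].append(host)
        elif is_affected(build):
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "adssp-prod-01.example.local": "6.4.0 Build 6401",
    "adssp-prod-02.example.local": "Build 6402",
    "adssp-dr-01.example.local": "6302",
    "adssp-lab-01.example.local": "",
    "adssp-lab-02.example.local": "Build 6405",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts listed as unknown need a manual version check; hosts listed as vulnerable should be upgraded to Build 6402 (or later) and re-scanned, since the advisory states every installation is affected whether or not a load balancer is configured.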

Qualys Detection

Qualys customers can scan their devices with QID 379293 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
